Skip to content

C
cpython
Commit cd96b4f1 authored by Charles-François Natali's avatar Charles-François Natali
Browse files
Options

Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer 

upon malformed POST request.
parents ead1de2f ec1712a1
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 7 deletions
Lib/test/test_xmlrpc.py
View file @ cd96b4f1
...@@ -474,12 +474,7 @@ class BaseServerTestCase(unittest.TestCase): ...@@ -474,12 +474,7 @@ class BaseServerTestCase(unittest.TestCase):
def tearDown(self): def tearDown(self):
# wait on the server thread to terminate # wait on the server thread to terminate
self.evt.wait(4.0) self.evt.wait()
# XXX this code does not work, and in fact stop_serving doesn't exist.
if not self.evt.is_set():
self.evt.set()
stop_serving()
raise RuntimeError("timeout reached, test has failed")
# disable traceback reporting # disable traceback reporting
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
...@@ -626,6 +621,13 @@ class SimpleServerTestCase(BaseServerTestCase): ...@@ -626,6 +621,13 @@ class SimpleServerTestCase(BaseServerTestCase):
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT)) server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
self.assertEqual(server.add("a", "\xe9"), "a\xe9") self.assertEqual(server.add("a", "\xe9"), "a\xe9")
def test_partial_post(self):
# Check that a partial POST doesn't make the server loop: issue #14001.
conn = http.client.HTTPConnection(ADDR, PORT)
conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
conn.close()
class MultiPathServerTestCase(BaseServerTestCase): class MultiPathServerTestCase(BaseServerTestCase):
threadFunc = staticmethod(http_multi_server) threadFunc = staticmethod(http_multi_server)
request_count = 2 request_count = 2
......
Lib/xmlrpc/server.py
View file @ cd96b4f1
...@@ -474,7 +474,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler): ...@@ -474,7 +474,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
L = [] L = []
while size_remaining: while size_remaining:
chunk_size = min(size_remaining, max_chunk_size) chunk_size = min(size_remaining, max_chunk_size)
L.append(self.rfile.read(chunk_size)) chunk = self.rfile.read(chunk_size)
if not chunk:
break
L.append(chunk)
size_remaining -= len(L[-1]) size_remaining -= len(L[-1])
data = b''.join(L) data = b''.join(L)
......
Misc/NEWS
View file @ cd96b4f1
...@@ -116,6 +116,9 @@ Core and Builtins ...@@ -116,6 +116,9 @@ Core and Builtins
Library Library
------- -------
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF. - Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.
- Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). - Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7